Hi Jaikiran With that config, my internal kafka client can't write to the Kafka broker. What I am looking for is that internal client can write to Kafka topic without having to have any truststore setup, while external kafka client MUST have certificate, and truststore setup and can read only if ACLs are programmed for that topic.
Any idea if such a thing exists ? Thanks. On Tue, Dec 19, 2017 at 10:10 PM, Jaikiran Pai <jai.forums2...@gmail.com> wrote: > What exact issue are you running into with thta configs? > > -Jaikiran > > > > On 20/12/17 7:24 AM, Darshan wrote: > >> Anyone ? >> >> On Mon, Dec 18, 2017 at 7:25 AM, Darshan <purandare.dars...@gmail.com> >> wrote: >> >> Hi >>> >>> I am wondering if there is a way to run the SSL and PLAINTEXT mode >>> together ? I am running Kafka 10.2.1. We want our internal clients to use >>> the PLAINTEXT mode to write to certain topics, but any external clients >>> should use SSL to read messages on those topics. We also want to enforce >>> ACLs. >>> >>> To try this out, I modified my server.properties as follows, but without >>> any luck. Can someone please let me know if it needs any change ? >>> >>> listeners=INTERNAL://10.10.10.64:9092,EXTERNAL://172.1.1.157:9093 >>> advertised.listeners=INTERNAL://10.10.10.64:9092,EXTERNAL:// >>> 172.1.1.157:9093 >>> listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL >>> inter.broker.listener.name=INTERNAL >>> >>> ssl.keystore.location=/opt/keystores/keystotr.jks >>> ssl.keystore.password=ABCDEFGH >>> ssl.key.password=ABCDEFGH >>> ssl.truststore.location=/opt/keystores/truststore.jks >>> ssl.truststore.password=ABCDEFGH >>> ssl.keystore.type=JKS >>> ssl.truststore.type=JKS >>> security.protocol=SSL >>> ssl.client.auth=required >>> # allow.everyone.if.no.acl.found=false >>> allow.everyone.if.no.acl.found=true >>> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer >>> super.users=User:CN=KafkaBroker01 >>> >>> Thanks. >>> >>> --Darshan >>> >>> >
